1 min
Metasploit
Metasploit on Kali Linux 2.0
As you are aware, Kali 2.0
[https://www.kali.org/releases/kali-linux-20-released/] has been released this
week and getting quite a bit of attention, as it should. Folks behind Kali have
worked really hard to bring you the new version of Kali Linux that everyone is
excited about. If you have already started to play with the new version, you
probably have realized that something is different, that is; Metasploit
Community / Pro is no longer installed by default.
Where is Metasploit Community / Pr
3 min
Metasploit
Metasploit Local Exploit Suggester: Do Less, Get More!
Meet Lester, the Exploit Suggester
Hey there, my name is Mo ( Mohamed Sadek [https://github.com/MSadek-r7] ). I am
currently an intern at Rapid7, working with the Metasploit team in Austin. After
some research, testing, and more than a few energy drinks, sinn3r (sinn3r
[https://twitter.com/_sinn3r] ) and I have authored the first version of the
Metasploit Local Exploit Suggester, or Lester for short. Lester is a post module
that you can use to check a system for local vulnerabilities, using the
6 min
Metasploit
Interning at Rapid7: A "git push" in the Right Direction
How I Got Here
Hey there! My name is Mo. I'm currently an intern here at Rapid7 working in the
Austin office as part of the Metasploit team. If you came here expecting a deep
understanding of Metasploit, this blog post isn't the right place. If you ARE
interested in knowing what it's like to being a small town college student
working at a leading firm in security engineering, then keep reading!
Everyone used to tell me that every mistake and failure was a push in the right
direction, but that
8 min
Metasploit
Wassenaar Arrangement - Frequently Asked Questions
The purpose of this post is to help answer questions about the Wassenaar
Arrangement. You can find the US proposal for implementing the Arrangement here
[https://s3.amazonaws.com/public-inspection.federalregister.gov/2015-11642.pdf],
and an accompanying FAQ from the Bureau of Industry and Security (BIS) here
[http://www.bis.doc.gov/index.php/policy-guidance/faqs#subcat200]. For Rapid7's
take on Wassenaar, and information on the comments we intend to submit to BIS,
please read this companion pie
2 min
Metasploit
Metasploit Framework Rails 4.0 Upgrade
It is always a running battle to keep an application's backend up to date with
various technologies. Today, we are excited to announce that Metasploit
Framework [https://www.metasploit.com/download/] now ships with Rails 4.0.
Upgrades like this are sometimes hard to get excited about because if everything
goes well, users should see no difference. There are many reasons to upgrade to
Rails 4, though.
Why Upgrade
Here are the important reasons to upgrade from our perspective:
* Security is a b
1 min
Metasploit
2015 Metasploit T-Shirt Design Contest: It's On!
Hacker-designers! We need you! Show us your graphic skills, design an epic
Metasploit t-shirt, and win Eternal Fame and Glory!
[https://99designs.com/t-shirt-design/contests/metasploit-t-shirt-design-contest-489841/brief]
Ahem, er, rather, we're looking for someone to design this year's Metasploit
t-shirt.
And if you are this year's winning Metasploit t-shirt designer, you will get
$230USD and the notoriety and/or immense personal satisfaction in knowing that
you're the 2015 Metasploit t-shi
5 min
Metasploit
Unicode Support in Meterpreter
A short, mostly-accurate history of character encodings
In the beginning, when you wanted to use a computer to store text, there were
not many options - you inherited something from punchcards like EBCDIC or
invented something convenient and unique to your system. Computers did not need
to talk to each other, so there was not much point in standardizing between
vendors. Things were pretty simple.
Then, there came the need for computers and vendors to interoperate and
communicate. Thus, ASCII an
8 min
Metasploit
Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.
The Survey
One month ago we asked the community for feedback about how they use Metasploit
and what they want to see in the Meterpreter payload suite going forward. Over
the course of a week we received over 400 responses and over 200 write-in
suggestions for new features. We have spent the last month parsing through your
responses, identifying dependencies, and actively delivering new features based
on your requests. These requests covered 20 different categories:
General Feedback Metasploit F
1 min
Metasploit
Nexpose and Metasploit Training and Certification Courses Filling Up Fast!
Looking to amp-up or fine-tune your security prowess? UNITED conference
attendees get the chance to do just that by registering for additional small
group training and certification courses (Nexpose Basic, Metasploit Basic, and
Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling
up quickly!
Save your spot now for two days of formalized, curriculum-based training with
Rapid7 experts [http://www.unitedsummit.org/new-registration.jsp]. You'll get
to:
* Share best p
4 min
Metasploit
Being Product Manager of Metasploit
Hello World
My name is Eray Yilmaz, and I am the new Product Manager of Metasploit. It has
been three months since I have joined Rapid7, and I wanted to share my
experiences with you so far. Before we get to that, here is tiny bit about
myself:
I am a 28, married, and fairly new father. I went to UTSA where I majored in
Information Assurance and Information Systems, and received my B.B.A. Like
anyone else in our industry, I have done my fair share of IT work, from helpdesk
to managing networks
4 min
Metasploit
HOTFIX: Metasploit Startup Issues After Upgrading to 4.11.0 (Update 2014122301)
Overview
The Update (2014122301) which was released on December, 23th 2014, failed to
include necessary files for the application to update to version 4.11.0 for the
first time.
Issue
The application will not start, therefore browser will provide generic "The page
can't be displayed" message when trying to load the web UI.
Additionally, various log messages may appear in respective log files.
Windows: C:\metasploit\apps\pro\engine\prosvc.log
Linux: /opt/metasploit/apps/pro/engine/prosvc_stder
7 min
Metasploit
12 Days of HaXmas: Maxing Meterpreter's Mettle
This post is the twelfth in a series, 12 Days of HaXmas, where we usually take a
look at some of more notable advancements and events in the Metasploit Framework
over the course of 2014. As this is the last in the series, let's peek forward,
to the unknowable future.
Happy new year, it's time to make some resolutions. There is nothing like a
fresh new year get ones optimism at its highest.
Meterpreter is a pretty nifty piece of engineering, and full of useful
functionality. The various extensi
3 min
Metasploit
12 Days of HaXmas: Metasploit, Nexpose, Sonar, and Recog
This post is the tenth in a series, 12 Days of HaXmas, where we take a look at
some of more notable advancements and events in the Metasploit Framework over
the course of 2014.
The Metasploit Framework [https://www.metasploit.com/download/] uses operating
system and service fingerprints for automatic target selection and asset
identification. This blog post describes a major overhaul of the fingerprinting
backend within Metasploit and how you can extend it by submitting new
fingerprints.
Histo
9 min
Metasploit
12 Days of HaXmas: Buffer Overflows Come and Go, Bad Passwords are Forever
This post is the fourth in a series, 12 Days of HaXmas, where we take a look at
some of more notable advancements and events in the Metasploit Framework over
the course of 2014.
This summer, the Metasploit team began the large undertaking of reworking
credentials throughout the project. Metasploit, as you already know, began as a
collection of traditional exploits. Over the years it has grown into much more
than that. Credentials were first introduced into Metasploit in the form of
Auxiliary Sc
3 min
Metasploit
Good-bye msfpayload and msfencode
Greetings all,
On behalf of the Metasploit's development teams, I'd like to officially announce
the decision of deprecating msfpayload and msfencode. Also starting today, we no
longer support or accept patches for these two utilities. On June 8th 2015, the
elderly msfpayload and msfencode will retire from the Metasploit repository, and
replaced by their successor msfvenom. The tool msfvenom is the combination of
msfpayload and msfencode, and has been in testing for more than 3.5 years.
msfpayl